Monday, May 7, 2018

Configure HAProxy and Keepalived with Puppet

We’re going to use Puppet to install and configure HAProxy to load
balance Apache web services. We’ll also configure Keepalived to provide
failover capabilities.
This article is part of the Homelab Project with KVM, Katello and Puppet series. See here for a blog post on how to configure HAProxy and Keepalived manually.

Homelab

We have two CentOS 7 servers installed which we want to configure as follows:
proxy1.hl.local (10.11.1.19) – HAProxy with Keepalived (master router node)
proxy2.hl.local (10.11.1.20) – HAProxy with Keepalived (slave router node)
SELinux set to enforcing mode.
See the image below to identify the homelab part this article applies to.

HAProxy and Virtual IP

We use 10.11.1.30 as a virtual IP, with a DNS name of blog.hl.local. This is the DNS of our WordPress site.

Kernel Parameters and IP Forwarding

Load balancing in HAProxy requires the ability to bind to an IP
address that is nonlocal. This allows a running load balancer instance
to bind to an IP that is not local for failover.
In order for the Keepalived service to forward network packets
properly to the real servers, each router node must have IP forwarding
turned on in the kernel.
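
An added example, not from the original post: a Puppet class built only from core resource types that sets the two kernel parameters this section describes, net.ipv4.ip_nonlocal_bind and net.ipv4.ip_forward. The class name and the drop-in file path are assumptions, and the lambda syntax assumes Puppet 4 or later.

```puppet
# Added example. Class name and drop-in path are assumptions.
# Include it only on the two router nodes (proxy1 and proxy2);
# other hosts have no reason to forward packets.
class profile::lb_sysctl {
  $dropin   = '/etc/sysctl.d/90-haproxy-keepalived.conf'
  $settings = {
    # Lets HAProxy bind to the virtual IP while the peer node holds it.
    'net.ipv4.ip_nonlocal_bind' => '1',
    # Lets the router node forward packets to the real servers.
    'net.ipv4.ip_forward'       => '1',
  }

  # Persist both values across reboots.
  file { $dropin:
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "net.ipv4.ip_nonlocal_bind = 1\nnet.ipv4.ip_forward = 1\n",
  }

  # Apply each value to the running kernel, and re-apply it on any
  # later Puppet run where the live value has drifted.
  $settings.each |String $key, String $value| {
    exec { "sysctl-${key}":
      command  => "sysctl -w ${key}=${value}",
      unless   => "test \"\$(sysctl -n ${key})\" = \"${value}\"",
      path     => ['/usr/sbin', '/usr/bin', '/sbin', '/bin'],
      provider => shell,
      require  => File[$dropin],
    }
  }
}
```

After a Puppet run, `sysctl -n net.ipv4.ip_nonlocal_bind net.ipv4.ip_forward` on a router node should print 1 for both keys.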

Note how we forward all HTTP traffic to HTTPS. We also enable HAProxy stats.
There are several HAProxy load balancing algorithms available; we use the source
algorithm to select a server based on a hash of the source IP. This
method helps to ensure that a user will end up on the same server.